OXDEV-7202 Apply fix for changeUser method

OXID-eSales · Feb 16, 2024 · 6166b1e · 6166b1e
1 parent 796ac6d
commit 6166b1e
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 50 deletions.
diff --git a/CHANGELOG-7.1.md b/CHANGELOG-7.1.md
@@ -22,6 +22,7 @@ template extension resolving is already performed in `TemplateRenderer`
 ### Fixed
 - Wrong property "_oUserData" used in ContactController [PR-918](https://github.com/OXID-eSales/oxideshop_ce/pull/918)
 - Can't use dot character for template file names
+- User registration in the Private Sales mode
 
 ### Changed
 -  Executing `oe-console` command with an invalid `shop-id` value will be interrupted

diff --git a/source/Application/Component/UserComponent.php b/source/Application/Component/UserComponent.php
@@ -24,6 +24,7 @@
 use OxidEsales\Eshop\Core\Form\UpdatableFieldsConstructor;
 use OxidEsales\Eshop\Core\Registry;
 use function array_key_exists;
+use function is_array;
 
 // defining login/logout states
 define('USER_LOGIN_SUCCESS', 1);
@@ -435,15 +436,8 @@ public function createUser()
         $password = Registry::getRequest()->getRequestParameter('lgn_pwd');
         $passwordConfirmation = Registry::getRequest()->getRequestParameter('lgn_pwd2');
 
-        $billingAddress = Registry::getRequest()->getRequestParameter('invadr');
-        $billingAddress = $this->cleanAddress($billingAddress, oxNew(UserUpdatableFields::class));
-        $billingAddress = $this->removeNonAddressFields($billingAddress);
-        $billingAddress = $this->trimAddress($billingAddress);
-
-        $shippingAddress = $this->getDelAddressData();
-        $shippingAddress = $this->cleanAddress($shippingAddress, oxNew(UserShippingAddressUpdatableFields::class));
-        $shippingAddress = $this->trimAddress($shippingAddress);
-
+        $billingAddress = $this->getBillingAddress();
+        $shippingAddress = $this->getShippingAddress();
         try {
             $user = oxNew(User::class);
             $user->checkValues($username, $password, $passwordConfirmation, $billingAddress, $shippingAddress);
@@ -656,18 +650,11 @@ protected function changeUserWithoutRedirect()
         if (!$user) {
             return;
         }
-
-        $shippingAddress = $this->getDelAddressData();
-        $shippingAddress = $this->cleanAddress($shippingAddress, oxNew(UserShippingAddressUpdatableFields::class));
-        $shippingAddress = $this->trimAddress($shippingAddress);
-
-        $billingAddress = Registry::getRequest()->getRequestParameter('invadr');
-        $billingAddress = $this->cleanAddress($billingAddress, oxNew(UserUpdatableFields::class));
-        $billingAddress = $this->trimAddress($billingAddress);
+        $shippingAddress = $this->getShippingAddress();
+        $billingAddress = $this->getBillingAddress();
 
         $username = $user->getFieldData('oxusername');
         $password = $user->getFieldData('oxpassword');
-
         try {
             $newName = $billingAddress['oxuser__oxusername'] ?? '';
             if (
@@ -865,27 +852,17 @@ private function trimAddress($address)
         return $address;
     }
 
-    /**
-     * @param $user
-     * @return bool
-     */
     private function isGuestUser(User $user): bool
     {
         return empty($user->oxuser__oxpassword->value);
     }
 
-    /**
-     * @param $currentName
-     * @param $newName
-     * @return bool
-     */
     private function isUserNameUpdated(string $currentName, string $newName): bool
     {
         return $currentName && $newName && $currentName !== $newName;
     }
 
     /**
-     * @param string $newName
      * @throws Exception
      */
     private function deleteExistingGuestUser(string $newName): void
@@ -897,7 +874,24 @@ private function deleteExistingGuestUser(string $newName): void
         }
     }
 
-    private function removeNonAddressFields(array $billingAddress): array
+    private function getShippingAddress(): array
+    {
+        $shippingAddress = $this->getDelAddressData();
+        $shippingAddress = $this->cleanAddress($shippingAddress, oxNew(UserShippingAddressUpdatableFields::class));
+        return $this->trimAddress($shippingAddress);
+    }
+
+    private function getBillingAddress(): array
+    {
+        $billingAddress = Registry::getRequest()->getRequestParameter('invadr');
+        $billingAddress = $this->cleanAddress($billingAddress, oxNew(UserUpdatableFields::class));
+        if ($billingAddress && is_array($billingAddress)) {
+            $billingAddress = $this->removeNonAddressFields($billingAddress);
+        }
+        return (array) $this->trimAddress($billingAddress);
+    }
+
+    private function removeNonAddressFields(array $addressFormData): array
     {
         $nonAddressFields = [
             'oxuser__oxactive',
@@ -908,11 +902,11 @@ private function removeNonAddressFields(array $billingAddress): array
             'oxuser__oxupdateexp',
         ];
         foreach ($nonAddressFields as $field) {
-            if ($billingAddress && array_key_exists($field, $billingAddress)) {
-                unset($billingAddress[$field]);
+            if ($addressFormData && array_key_exists($field, $addressFormData)) {
+                unset($addressFormData[$field]);
             }
         }
 
-        return $billingAddress;
+        return $addressFormData;
     }
 }
diff --git a/tests/Integration/Application/Component/UserComponentTest.php b/tests/Integration/Application/Component/UserComponentTest.php
@@ -24,14 +24,13 @@ public function setUp(): void
     {
         parent::setUp();
 
-        $this->mockSessionChallenge();
+        $this->mockSession();
         Registry::getConfig()->reinitialize();
     }
 
     public function testCreateUserWillActivateUserAutomatically(): void
     {
-        $requestData = $this->getUserFormData();
-        $_POST = array_merge($_POST, $requestData);
+        $_POST = $this->getUserFormData();
 
         $this->getUserComponent()->createUser();
 
@@ -41,27 +40,37 @@ public function testCreateUserWillActivateUserAutomatically(): void
     public function testCreateUserWithPrivateSalesWillNotActivateUserAutomatically(): void
     {
         Registry::getConfig()->setConfigParam('blPsLoginEnabled', true);
-        $requestData = $this->getUserFormData();
-        $_POST = array_merge($_POST, $requestData);
+        $_POST = $this->getUserFormData();
 
         $this->getUserComponent()->createUser();
 
         $this->assertEmpty($this->fetchUserData()['OXACTIVE']);
     }
 
-    public function testCreateUserWithPrivateSalesAndExtraDataInAddressForm(): void
+    public function testCreateUserWithMissingBillingAddressData(): void
+    {
+        $requestData = $this->getUserFormData();
+        unset($requestData['invadr']);
+        $_POST = $requestData;
+
+        $return = $this->getUserComponent()->createUser();
+
+        $this->assertFalse($return);
+    }
+
+    public function testCreateUserWithPrivateSalesAndExtraFormDataWillNotUpdateUserStatus(): void
     {
         Registry::getConfig()->setConfigParam('blPsLoginEnabled', true);
         $requestData = $this->getUserFormData();
         $requestData['invadr']['oxuser__oxactive'] = 1;
-        $_POST = array_merge($_POST, $requestData);
+        $_POST = $requestData;
 
         $this->getUserComponent()->createUser();
 
         $this->assertEmpty($this->fetchUserData()['OXACTIVE']);
     }
 
-    public function testCreateUserExtraDataInAddressFormWillNotUpdateNonAddressUserFields(): void
+    public function testCreateUserWithExtraFormDataWillNotUpdateNonAddressUserFields(): void
     {
         $wrongShopId = 123;
         $wrongUserRights = 'admin';
@@ -80,7 +89,7 @@ public function testCreateUserExtraDataInAddressFormWillNotUpdateNonAddressUserF
         $requestData['invadr']['oxuser__oxregister'] = $wrongTimestamp;
         $requestData['invadr']['oxuser__oxupdatekey'] = $wrongTimestamp;
         $requestData['invadr']['oxuser__oxupdateexp'] = $wrongUpdateExpiration;
-        $_POST = array_merge($_POST, $requestData);
+        $_POST = $requestData;
 
         $this->getUserComponent()->createUser();
 
@@ -96,20 +105,71 @@ public function testCreateUserExtraDataInAddressFormWillNotUpdateNonAddressUserF
         $this->assertNotEquals($wrongUpdateExpiration, $userData['OXUPDATEEXP']);
     }
 
-    private function mockSessionChallenge(): void
+    public function testChangeUserWithMissingBillingAddressData(): void
     {
-        Registry::set(
-            Session::class,
-            $this->createConfiguredMock(
-                Session::class,
-                ['checkSessionChallenge' => true]
-            )
-        );
+        $_POST = $this->getUserFormData();
+        $this->getUserComponent()->createUser();
+
+        $requestData = $this->getUserFormData();
+        unset($requestData['invadr']);
+        $_POST = $requestData;
+
+        $return = $this->getUserComponent()->changeUser();
+
+        $this->assertFalse($return);
+    }
+
+    public function testChangeUserWithExtraFormDataWillNotUpdateNonAddressUserFields(): void
+    {
+        $_POST = $this->getUserFormData();
+        $this->getUserComponent()->createUser();
+
+        $wrongShopId = 123;
+        $wrongUserRights = 'admin';
+        $wrongCustomerNumber = 12345;
+        $wrongPassword = uniqid('some-pass-', true);
+        $wrongPasswordSalt = uniqid('some-pass-salt-', true);
+        $wrongTimestamp = '2001-01-01';
+        $wrongUpdateExpiration = 123;
+        $requestData = $this->getUserFormData();
+        $requestData['invadr']['oxuser__oxshopid'] = $wrongShopId;
+        $requestData['invadr']['oxuser__oxrights'] = $wrongUserRights;
+        $requestData['invadr']['oxuser__oxcustnr'] = $wrongCustomerNumber;
+        $requestData['invadr']['oxuser__oxpassword'] = $wrongPassword;
+        $requestData['invadr']['oxuser__oxpasssalt'] = $wrongPasswordSalt;
+        $requestData['invadr']['oxuser__oxcreate'] = $wrongTimestamp;
+        $requestData['invadr']['oxuser__oxregister'] = $wrongTimestamp;
+        $requestData['invadr']['oxuser__oxupdatekey'] = $wrongTimestamp;
+        $requestData['invadr']['oxuser__oxupdateexp'] = $wrongUpdateExpiration;
+        $_POST = $requestData;
+
+        $this->getUserComponent()->changeUser();
+
+        $userData = $this->fetchUserData();
+        $this->assertNotEquals($wrongShopId, $userData['OXSHOPID']);
+        $this->assertNotEquals($wrongUserRights, $userData['OXRIGHTS']);
+        $this->assertNotEquals($wrongUserRights, $userData['OXCUSTNR']);
+        $this->assertNotEquals($wrongPassword, $userData['OXPASSWORD']);
+        $this->assertNotEquals($wrongPasswordSalt, $userData['OXPASSSALT']);
+        $this->assertNotEquals($wrongTimestamp, $userData['OXCREATE']);
+        $this->assertNotEquals($wrongTimestamp, $userData['OXREGISTER']);
+        $this->assertNotEquals($wrongTimestamp, $userData['OXUPDATEKEY']);
+        $this->assertNotEquals($wrongUpdateExpiration, $userData['OXUPDATEEXP']);
+    }
+
+    private function mockSession(): void
+    {
+        $sessionMock = $this->createPartialMock(Session::class, ['checkSessionChallenge']);
+        $sessionMock
+            ->method('checkSessionChallenge')
+            ->willReturn(true);
+        Registry::set(Session::class, $sessionMock);
     }
 
     private function getUserFormData(): array
     {
         $password = uniqid('some-string-', true);
+
         return [
             'oxuser__oxfname' => uniqid('first-name-', true),
             'oxuser__oxlname' => uniqid('last-name-', true),
@@ -125,7 +185,6 @@ private function getUserFormData(): array
                 'oxuser__oxzip' => 123,
                 'oxuser__oxcity' => 'Freiburg',
                 'oxuser__oxcountryid' => 'a7c40f631fc920687.20179984',
-//                'oxuser__oxshopid' => 1,
             ],
         ];
     }

diff --git a/tests/Integration/IntegrationTestCase.php b/tests/Integration/IntegrationTestCase.php
@@ -12,17 +12,20 @@
 use OxidEsales\EshopCommunity\Tests\CachingTrait;
 use OxidEsales\EshopCommunity\Tests\ContainerTrait;
 use OxidEsales\EshopCommunity\Tests\DatabaseTrait;
+use OxidEsales\EshopCommunity\Tests\RequestTrait;
 use PHPUnit\Framework\TestCase;
 
 class IntegrationTestCase extends TestCase
 {
     use ContainerTrait;
     use CachingTrait;
     use DatabaseTrait;
+    use RequestTrait;
 
     public function setUp(): void
     {
         parent::setUp();
+        $this->backupRequestData();
         $this->cleanupCaching();
         $this->beginTransaction();
     }
@@ -31,6 +34,7 @@ public function tearDown(): void
     {
         $this->rollBackTransaction();
         $this->cleanupCaching();
+        $this->restoreRequestData();
         parent::tearDown();
     }
 }
diff --git a/tests/RequestTrait.php b/tests/RequestTrait.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * Copyright © OXID eSales AG. All rights reserved.
+ * See LICENSE file for license details.
+ */
+
+declare(strict_types=1);
+
+namespace OxidEsales\EshopCommunity\Tests;
+
+trait RequestTrait
+{
+    private array $post;
+
+    public function backupRequestData(): void
+    {
+        $this->post = $_POST;
+    }
+
+    public function restoreRequestData(): void
+    {
+        $_POST = $this->post;
+    }
+}